In the real world, security is more than just locks and doors. It’s an active process, one that requires people as much as technology. Computer security is no different, and for a company to make real decisions regarding their cybersecurity, those at the top must understand the risks and duties involved.

“What you have to bring together now is security risk and compliance. It’s all one thing. At the board level, you don’t have those as separate topics anymore,” said Jason Cook (pictured, right), managing director of The Chertoff Group LLC.

Cook, along with Paul Farrell (pictured, left), chief executive officer of Nehemiah Security LLC, spoke with Jeff Frick (@JeffFrick), co-host of theCUBE, SiliconANGLE’s mobile livestreaming studio, during the Chertoff Group Security Series “Security in the Boardroom” event in Palo Alto, California. (* Disclosure below.)

They discussed matters of cybersecurity, Nehemiah as a company and bringing information to the company board.

Taking security all the way to the board

Nehemiah offers a cybersecurity suite that helps them know, manage and protect organizations. The knowing part comes in the form of risk quantifier software that allows companies to make informed decisions on where to invest in their security, Farrell explained.

“We call the process BIA, or Business Impact Analysis. A lot of Fortune 500 firms have already been doing this,” Farrell said.

Company boards, especially among the Fortune 500, are learning about cybersecurity. They’re also taking action. Legal compliance is one reason, but boards also have a duty to take care of the company itself. However, bringing together all the information they need is a challenge, according to Cook. Organizations tend to create walled silos, and they need the right tools to gain an overview of the company’s security situation.

It’s vital for companies to take their business information and then marry what they know to their security systems, Farrell added. For this to happen, the board needs to hear the issues in the language they speak. That language is risk and investment. “Whether compliance says it or not, we need to be protecting our data,” Farrell said.

For businesses, a big part of protecting their data is knowing their digital footprint. Many organizations simply don’t have this necessary map. How then, can they protect their digital assets? A company cannot complete their digital journey without an understanding of their footprint and the security concerns involved, according to Cook.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of The Chertoff Group Security Series “Security in the Boardroom.” (* Disclosure: TheCUBE is a paid media partner for The Chertoff Group Security Series “Security in the Boardroom.” Neither The Chertoff Group LLC nor Nehemiah Security LLC have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE